Rewterz Threat Alert – MuddyWater APT – Active IOCs - Rewterz
Tags
Tag | Value |
---|---|
country | Iran |
attack-pattern | Malware - T1587.001; Malware - T1588.001; Server - T1583.004; Server - T1584.004; Software - T1592.002; Vulnerabilities - T1588.006 |
Common Information
Type | Value |
---|---|
UUID | a46d319d-805a-44f7-80bf-1b03d3fbc30c |
Fingerprint | 288801d9aec7774d |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | March 11, 2022, 3:16 p.m. |
Added to db | Dec. 19, 2024, 6:06 p.m. |
Last updated | Dec. 21, 2024, 5:01 a.m. |
Headline | Rewterz Threat Alert – MuddyWater APT – Active IOCs |
Title | Rewterz Threat Alert – MuddyWater APT – Active IOCs - Rewterz |
Detected Hints/Tags/Attributes | 47/2/46 |
Source URLs
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CVE | 5 | | cve-2022-0022 |
Details | Domain | 3 | | lalindustries.com |
Details | Domain | 9 | | canarytokens.com |
Details | Domain | 4 | | advanceorthocenter.com |
Details | md5 | 2 | | 5f71191ca2aff4738d9ca86e884e9afa |
Details | md5 | 2 | | b3504546810e78304e879df76d4eec46 |
Details | md5 | 3 | | 6cef87a6ffb254bfeb61372d24e1970a |
Details | md5 | 3 | | b0ab12a5a4c232c902cdeba421872c37 |
Details | md5 | 2 | | e182a861616a9f12bc79988e6a4186af |
Details | md5 | 2 | | bb9872bb18840b7e8a887b3be3b621c6 |
Details | md5 | 2 | | 72e371542ad6fda96bb3fc3b1ee68d92 |
Details | sha1 | 2 | | fa73bee345b6f5d214917b5425bb2a6bd9b45de7 |
Details | sha1 | 2 | | d02d93b707ac999fde0545792870a2b82dc3a238 |
Details | sha1 | 3 | | e21d95b648944ad2287c6bc01fcc12b05530e455 |
Details | sha1 | 3 | | a8e7659942cc19f422678181ee23297efa55fa09 |
Details | sha1 | 2 | | 69840d4c4755cdab01527eacbb48577d973f7157 |
Details | sha1 | 2 | | 4e68e6daf702c6f8f2a7aed3fb23169f331fd47c |
Details | sha1 | 2 | | 3f37ca0db6442743e34768e44450752637930523 |
Details | sha256 | 3 | | fb69c821f14cb0d89d3df9eef2af2d87625f333535eb1552b0fcd1caba38281f |
Details | sha256 | 4 | | f10471e15c6b971092377c524a0622edf4525acee42f4b61e732f342ea7c0df0 |
Details | sha256 | 5 | | 4b2862a1665a62706f88304406b071a5c9a6b3093daadc073e174ac6d493f26c |
Details | sha256 | 5 | | 026868713d60e6790f41dc7046deb4e6795825faa903113d2f22b644f0d21141 |
Details | sha256 | 4 | | c2badcdfa9b7ece00f245990bb85fb6645c05b155b77deaf2bb7a2a0aacbe49e |
Details | sha256 | 3 | | 6e50e65114131d6529e8a799ff660be0fc5e88ec882a116f5a60a2279883e9c4 |
Details | sha256 | 3 | | ef385ed64f795e106d17c0a53dfb398f774a555a9e287714d327bf3987364c1b |
Details | IPv4 | 3 | | 95.181.161.81 |
Details | IPv4 | 2 | | 185.183.97.25 |
Details | IPv4 | 6 | | 178.32.30.3 |
Details | IPv4 | 7 | | 88.119.170.124 |
Details | IPv4 | 8 | | 5.199.133.149 |
Details | IPv4 | 4 | | 185.118.164.195 |
Details | IPv4 | 4 | | 172.245.81.135 |
Details | Threat Actor Identifier - FIN | 445 | | FIN7 |
Details | Url | 2 | | http://lalindustries.com/wp-content/upgrade/editor.php |
Details | Url | 2 | | http://advanceorthocenter.com/wp-includes/editor.php |
Details | Url | 2 | | http://95.181.161.81:443/main.exe |
Details | Url | 2 | | http://95.181.161.81/mm57aayn230 |
Details | Url | 2 | | http://95.181.161.81/i100dfknzphd5k |
Details | Url | 2 | | http://88.119.170.124/lcekcnkxkbllmwlpoklgof |
Details | Url | 2 | | http://88.119.170.124/ezedcjrfvjriftmldedu |
Details | Url | 2 | | http://5.199.133.149/oeajgyxyxclqmfqayv |
Details | Url | 2 | | http://5.199.133.149/jznkmustntblvmdvgcwbvqb |
Details | Url | 2 | | http://185.183.97.25/protocol/function.php |
Details | Url | 2 | | http://185.118.164.195/c |
Details | Url | 1 | | http://178.32.30.3 |
Details | Url | 1 | | http://172.245.81.135 |